SpireTech Blog - Tag: Passwords
Advice on passwords and security.
used with permission from Norton by Symantec
by Nadia Kovacs
According to the credit reporting firm Experian, the average Internet user has about 19 different online accounts, for which they only have seven different passwords. In addition, one in ten users never change their online passwords, and one in 20 uses the same passwords for all of their online accounts.
Those statistics definitely show that the password system is broken. When passwords were invented in the 1960s, they were rather simplistic, as there was no wide-scale need for them. Today we have passwords for an enormous number of web services. Couple that with the fact that we now need to make up complicated, difficult-to-remember random strings of text, numbers and symbols for each of those accounts, and you just get one big headache. There’s no way anyone can remember 19 passwords, let alone 5.
That’s where the password manager comes in. Read more...
used with permission from Microsoft at Work
Whether at work, home, or mobile, keeping your computer and other devices secure is important. There are any number of threats to security on the web, but keeping your personal and work data safe is relatively easy. It may take a few minutes to get things set up, but after that, things mostly take care of themselves and you can sit back, relax, and enjoy worry-free computer time.
How many different passwords do you have? If the answer is “one” or “a few,” then you run the risk of all your password-protected accounts being compromised as soon as one of them is. A leak from one site means every other site with that same password is at risk. If you use that same password for your email accounts, hackers could take that over, too, which would leave you locked out of your account and unable to change any of your passwords once you realize it’s been compromised. Read more...
used with permission from HP Technology at Work
You might not think about it when you’re browsing the web, shopping online and interacting on social media, but you are the first line of defense against cyber security risks. The power to be safe is in your hands, and at your fingertips. Developing and maintaining good habits can make online activity much safer, and more enjoyable for you and your colleagues.
The following 7 good habits take only minutes to learn and are easy enough to incorporate into your daily work life.
1. Create strong passwords
Passwords are usually the first, and sometimes only, protection against unauthorized access. They are the keys to your online kingdom, so keep these guidelines in mind.
- Many websites will let you know whether your password is safe when you’re in the process of creating it. Pay attention to that, and if the site indicates that your password is weak or not secure, create a better one.
I came across an article that has been making the rounds this past month that you can read here. It’s the story of one editor’s (Nate Anderson of Ars Technica) foray into password cracking, and it can be a very eye-opening look at the world of password security. In it, he goes over how he dipped his toes into the seedy world of brute-force cracking, using a computer to guess someone’s password a million times a second, and was able to accomplish a lot in a single day. You may find it enlightening to see how passwords are encrypted and stored. Hopefully it will get you asking important questions you may not have thought about before: how your security is handled, whether passwords are stored securely, and whether you are using the same password everywhere.
One thing that struck me was the RockYou dictionary. I already knew about dictionaries (or wordlists). Read more...
In more recent security news, a database of 450,000 user names and passwords of Yahoo Voice users was stolen and posted to the internet. Unfortunately for Yahoo Voice’s users, the passwords weren’t encrypted. Luckily for us, Anders Nilsson, a Swedish security expert, saw this as an opportunity to analyze the password data and see how people behave when choosing passwords. What he found was a bit mind-blowing, and he decided to share a few notable results, the most notable ones being ‘123456’ and ‘password’; there were even a few hundred users with one-character passwords. The whole of his results can be seen here.
The lesson we can glean from this, aside from the essential need for password complexity, is not to use the same password for any two logins. If these Yahoo users happened to use the same e-mail address and password for their LinkedIn, Facebook, Twitter, or bank accounts, those accounts could be compromised too.
Some Dropbox users started complaining that they had received spam at addresses created and used solely for Dropbox. Claims of spam sent to users started to mount and, as Dropbox didn’t sell this user information, the first thought on everyone’s mind was that Dropbox had been compromised and user information had been taken. The worry was how much user data the intruders might have gotten their hands on. Dropbox’s own access to user data has been a touchy subject, let alone access by nefarious hands that may have found their way into the popular remote storage provider. Receiving spam isn’t necessarily definitive proof of a leak, but an independent party was hired to look for any problems. They found one.
In late August, Dropbox announced in a blog post that an employee’s account was compromised and a file containing e-mail addresses was taken. How much data was in there, or what other files might have been accessed, is unclear. Read more...